[krbdev.mit.edu #9182] bug in kdb5_ldap_util
Greg Hudson via RT
rt at krbdev.mit.edu
Wed Aug 27 01:15:44 EDT 2025
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9182 >
The service stash file should contain:

cn=kdc-srv,cn=krbContainer,dc=example,dc=local#{HEX}...
cn=adm-srv,cn=krbContainer,dc=example,dc=local#{HEX}...

where the "..."s are the hex encoding of the supplied passwords. In what way
is the file malformed? libkdb5_util is able to read a password from it, or
you would see an error about reading the stash file instead of an error about
the LDAP server rejecting the credentials. If I run the given commands, the
resulting file does not seem amiss.

(As an aside, the -D and -w options to these kdb5_ldap_util invocations should
be unnecessary, as this subcommand does not need to authenticate to the LDAP
server.)
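
Added example, not part of the original message and not MIT krb5 code: a Python check that each line of a service stash file has the DN#{HEX}<hex> layout described above, reporting only the decoded password length so the secret is never printed. Splitting at the last "#{HEX}" marker, the function names and the sample entries are assumptions made for this sketch.

```python
import binascii

MARKER = "#{HEX}"  # separator plus encoding tag, as shown in the message above


def check_stash_line(line):
    """Return (dn, password_length) for a well-formed entry, else raise ValueError."""
    # Assumption: the entry is split at the LAST marker, so a '#' inside the DN is tolerated.
    dn, sep, hexpw = line.rstrip("\r\n").rpartition(MARKER)
    if not sep:
        raise ValueError("missing '#{HEX}' marker")
    if not dn:
        raise ValueError("empty DN")
    if not hexpw:
        raise ValueError("empty password field")
    try:
        raw = binascii.unhexlify(hexpw)  # rejects odd length and non-hex digits
    except ValueError:  # binascii.Error is a subclass of ValueError
        raise ValueError("password field is not valid hex") from None
    return dn, len(raw)


def check_stash(text):
    """Map line number -> ('ok', dn, pw_len) or ('bad', reason); blank lines are skipped."""
    results = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            dn, length = check_stash_line(line)
            results[n] = ("ok", dn, length)
        except ValueError as exc:
            results[n] = ("bad", str(exc))
    return results


# Constructed sample: one valid entry, one with corrupt hex, one without the {HEX} tag.
BASE = ",cn=krbContainer,dc=example,dc=local"
SAMPLE = (
    "cn=kdc-srv" + BASE + MARKER + b"kdc-secret".hex() + "\n"
    "cn=adm-srv" + BASE + MARKER + "6164zz\n"
    "cn=old-srv" + BASE + "#plaintext\n"
)

if __name__ == "__main__":
    for lineno, result in check_stash(SAMPLE).items():
        print(lineno, *result)
```

An entry that passes this check can still be rejected by the LDAP server if the stored password does not match the one set on the service DN; the check only covers the file layout.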